What You will Find at the Domain

The address is associated with a website for the rogue anti-virus program Antivirus Protection. The domain is highly professional-looking; however, don't be fooled. There is nothing behind the flashy exterior of this hostile website. ESG security researchers strongly recommend against downloading Antivirus Protection or visiting the domain. If you have entered this website, ESG malware researchers recommend running a full scan of your computer system with a genuine anti-malware tool. The domain may use JavaScript or Flash exploits to infect your computer with malware. If you have downloaded Antivirus Protection, ESG malware researchers recommend getting rid of it with a real anti-malware program. Remember, everything advertised on the domain is highly suspect. If you have entered your credit card information into this website, call your credit card company to block the charges. The domain has been associated with cases of identity theft and fraudulent credit card charges.

The Domain Distributes Rogue Security Programs

Superficially, the website looks highly professional. ESG malware researchers advise you to ignore the domain's polished look, since the domain distributes what are known as rogue anti-virus programs. Rogue security programs are designed to mimic legitimate security programs on the surface. In reality, they are nothing more than a collection of harmful Trojans and dangerous scripts, designed to wreak havoc on a computer system. Typical effects of a rogue anti-virus infection include constant fake security alerts, altered system settings, system instability, and the hijacking of your Internet browser. Programs like Antivirus Protection will blame all of these effects on a number of imaginary Trojans on your computer, and then will attempt to charge you to fix these very same problems.

Rogue Security Programs, Trojans, and the Domain

The most common way in which rogue anti-virus programs are distributed is through Trojans. Trojans are malicious programs that exploit vulnerabilities in your computer's security in order to infiltrate your system. While Antivirus Protection can be, and often is, delivered by a Trojan, it is also often downloaded by unwary computer users who mistake it for a legitimate anti-virus program. ESG security researchers have identified a large-scale Internet marketing campaign for Antivirus Protection. This kind of distribution is known as social engineering. The criminals behind the domain and Antivirus Protection prey on a computer user's lack of knowledge and caution to advertise their malware as a legitimate anti-virus product.

Technical Information


Registry Details

The following registry entry or registry entries are created:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = ''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.exe'
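
A read-only PowerShell check of the current user's hive for the values listed above, added here as an example and not taken from ESG's tooling. It flags the values that match the list; the proxy server and override values and the Run entries are only printed for manual review, because the page gives no usable data for them and the Run value name is random. Note that ProxyEnable set to 1 is also normal on networks that legitimately use a proxy.

```powershell
# Added example: audits HKCU for the settings in the registry list above.
# It only reads the registry and changes nothing.
$ie = 'HKCU:\Software\Microsoft\Internet Explorer'
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'

# Bad = the data shown in the list above; $null = report only, never flag.
$checks = @(
    @{ Path = "$ie\Download";              Name = 'RunInvalidSignatures'; Bad = '1' },
    @{ Path = "$ie\Download";              Name = 'CheckExeSignatures';   Bad = 'no' },
    @{ Path = "$ie\PhishingFilter";        Name = 'Enabled';              Bad = '0' },
    @{ Path = "$cv\Policies\Associations"; Name = 'LowRiskFileTypes';     Bad = '.exe' },
    @{ Path = "$cv\Internet Settings";     Name = 'ProxyEnable';          Bad = '1' },
    @{ Path = "$cv\Internet Settings";     Name = 'ProxyServer';          Bad = $null },
    @{ Path = "$cv\Internet Settings";     Name = 'ProxyOverride';        Bad = $null }
)

$report = foreach ($c in $checks) {
    $name  = $c.Name
    $item  = Get-ItemProperty -Path $c.Path -Name $name -ErrorAction SilentlyContinue
    $value = if ($null -ne $item) { $item.$name } else { $null }

    # LowRiskFileTypes is a ';'-separated list, so compare element by element.
    $flag = ($null -ne $value) -and ($null -ne $c.Bad) -and
            (("$value" -split ';') -contains $c.Bad)

    [pscustomobject]@{ Key = $c.Path; Value = $name; Data = $value; Flagged = $flag }
}

# The Run value name is random, so list every autostart entry for review.
$runKey = Get-Item -Path "$cv\Run" -ErrorAction SilentlyContinue
if ($null -ne $runKey) {
    $report += foreach ($n in $runKey.GetValueNames()) {
        [pscustomobject]@{ Key = "$cv\Run"; Value = $n; Data = $runKey.GetValue($n); Flagged = $false }
    }
}

$report | Format-Table -AutoSize -Wrap
```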